We’ve developed some resources to help you work effectively from home during COVID-19 Click to learn more

ASP.NET web application quickstart

In this article

    A quick-start guide for getting you up and running with an ASP.NET Core Razor Page web application.

    Before you begin

    • you have a tenant with a user for testing sign-in
    • you have registered your application with the following options:
      • OpenID Connect Authorization Code flow


      • redirect URI of your choice

    • you have received a unique application client ID and secret 
    • you have Visual Studio (community, professional, or enterprise edition)


    1. Clone or download the SuperOffice.DevNet.RazorPages from GitHub.

      git clone https://github.com/SuperOffice/devnet-oidc-razor-pages-webapi.git

    2. In Visual Studio, go to the Source directory and open the SuperOffice.DevNet.RazorPages.sln file.

    3. Under the Build menu, click Build Solution, or press the F6 key on the keyboard, to restore NuGet packages and build the solution file.

    4. From the Debug menu, click Start Debugging, or press the F5 key.

      Observe that the application runs and opens in the browser.


    5. Click the Login or Contacts link. The browser navigates to the SuperOffice SuperID sign-in page.

    6. At this point, if you have multiple tenants, a list of available tenants appear. Choose a tenant to grant access to your application.

    7. If this is the 1st time accessing this tenant via this application, a consent dialog appears asking for application approval to gain access to your web service resources.

      Click I approve.

    8. The browser callback is shown and navigates to the website's index page showing the list of claims and tokens.


    9. Click the Contacts link and a list of all the contacts in the tenant will appear. This provides the opportunity to create a new company, or edit the name and department values for the listed companies.


    Next steps

    Analyze the code.

    The Startup.cs file contains information that:

    • sets Antiforgery cookie accordingly so that form posts work as expected in an iframe
    • sets the SameSite cookie to None by default, and to Unspecified in older browsers
    • sets up the sign-out URL accordingly

    The ContactDbContext.cs file acts as a local cache for Contact entities, as well as facilitates called to the SuperOffice WebApi REST API.

    The SoHttpRestClient.cs file is an HttpClient helper class to make REST requests.

    If you have any issues with the sample, please post an issue on the repo issues page.